Add missing model of JsonObjectBuilder.remove

smowton · smowton · commit 6bf931392be2 · 2021-07-12T17:13:39.000+01:00
diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
@@ -86,6 +86,7 @@ private class FlowSummaries extends SummaryModelCsv {
           "JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
           "JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
           "JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint",
+          "JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value",
           "JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint",
           "JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint",
           "JsonPatch;false;apply;;;Argument[0];ReturnValue;taint",
diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java
@@ -1030,6 +1030,13 @@ public void test() {
 			out = in.build();
 			sink(out); // $hasTaintFlow
 		}
+		{
+			// "jakarta.json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value"
+			jakarta.json.JsonObjectBuilder out = null;
+			jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source();
+			out = in.remove(null);
+			sink(out); // $hasValueFlow
+		}
 		{
 			// "jakarta.json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint"
 			jakarta.json.JsonStructure out = null;
@@ -2210,6 +2217,13 @@ public void test() {
 			out = in.build();
 			sink(out); // $hasTaintFlow
 		}
+		{
+			// "javax.json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value"
+			javax.json.JsonObjectBuilder out = null;
+			javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source();
+			out = in.remove(null);
+			sink(out); // $hasValueFlow
+		}
 		{
 			// "javax.json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint"
 			javax.json.JsonStructure out = null;
